SailPoint proper way to construct a rolling log file

There is some confusion of how to set up the log4j2.properties file in order to log to a rolling log file.  Here is what the OOTB log4j2.properties file shows:

# Below is an example of how to create a logger that writes to a file.

# Uncomment the following five lines, then uncomment the 

# rootLogger.appenderRef.file.ref definition below

#appender.file.type=File

#appender.file.name=file

#appender.file.fileName=C:/Windows/Temp/sailpoint.log

#appender.file.layout.type=PatternLayout

#appender.file.layout.pattern=%d{ISO8601} %5p %t %c{4}:%L - %m%n

This setup does not roll.  The file also contains the following:

#appender.meter.type=RollingFile

#appender.meter.name=meter

#appender.meter.fileName=C:/Windows/Temp/meter.log

#appender.meter.filePattern=C:/Windows/Temp/meter-%d{yyyy-MM-dd}-%i.log.gz"

#appender.meter.layout.type=PatternLayout

#appender.meter.layout.pattern=%m%n

#appender.meter.policies.type=Policies

#appender.meter.policies.size.type=SizeBasedTriggeringPolicy

#appender.meter.policies.size.size=10MB

#appender.meter.strategy.type=DefaultRolloverStrategy

#appender.meter.strategy.max=5

The main issue with this is the use of the date and the gzip options.  It also doesn't have the proper pattern layout.

The best practice is something like this:

appender.rolling.type=RollingFile

appender.rolling.name=rolling

appender.rolling.fileName=D:/iiq83/logs/sailpoint.log

appender.rolling.filePattern=D:/iiq83/logs/sailpoint-%i.log"

appender.rolling.layout.type=PatternLayout

appender.rolling.layout.pattern=%d{ISO8601} %5p %t %c{4}:%L - %m%n

appender.rolling.policies.type=Policies

appender.rolling.policies.size.type=SizeBasedTriggeringPolicy

appender.rolling.policies.size.size=20MB

appender.rolling.strategy.type=DefaultRolloverStrategy

appender.rolling.strategy.max=5

The word "rolling" can be substituted by any other name.  Be sure to leave out the date and the gzip references in the filePattern part.

Some advice: Never use the time based policy.  Never use the startup policy.  With this method you can archive files by their age.

Usage for this includes the following to make sure the files are correctly being written to:

rootLogger.level=warn

rootLogger.appenderRef.stdout.ref=stdout

rootLogger.appenderRef.rolling.ref=rolling

And all logging should be structured like this:

logger.objexp.name=com.sailpoint.objectexporter.task

logger.objexp.level=trace

logger.objexp.appenderRef.rolling.ref=rolling

logger.objexp.additivity=false

The second portion of this block, must be unique.

The file name you chose, should be provided in the third line in two places as shown.

Programmatic options for Account Aggregation

When running an account aggregation you have to feed a Map of values.  This listing shows the names and the checkboxes it checks on the UI.

Checkbox	Code	Description
Select Applications to Scan	applications	List of application names, comma separated
Optionally select a rule ..	creationRule	Specify rule name
Refresh Assigned and Detected Roles	correlateEntitlements	Refresh roles on aggregation ??
Check Active Policies	checkPolicies	Run through policy checking on aggregation
Only create links if they..	correlateOnly	Do not create uncorrelated identities
Refresh identity risk scorecards	refreshScorecard	Risk scorecards
Maintain identity histories	checkHistory	See history pages
Enable delta aggregation	deltaAggregation	If the connector supports this
Detect deleted accounts	checkDeleted	Detect deleted accounts - do not use with delta or targeted agg
Maximum deleted accounts	checkDeletedThreshold	If more than this, do not delete
Refresh assigned scope	correlateScope	Refresh scopes based on attributes
Disable auto creation of scopes	noAutoCreateScopes	If enabled do not do this
Disable optimization	noOptimizeReaggregation	Process every account - no optimization
Promote managed attributes	promoteManagedAttributes	Only use this if there is no group schema
Disable auto creation of apps	noAutoCreateApplications	If enabled do not do this
Disable marking as needing refresh	noNeedsRefresh	Do not set needsRefresh to true
Enable partitioning	enablePartitioning	Enables partitioning if supported
Objects per partition	objectsPerPartion	If the connector supports
Loss limit	lossLimit	If the connect supports
Terminate when maximum	haltOnMaxError	Self explanatory
Maximum errors before	maxErrorThreshold	Should specify this
Sequential Execution	sequential	Terminate sequence on error
Actions to include	logAllowedActions	See options: comma sep list

List of logAllowedActions options: (I recommend never using this): 

• CorrelateManual
• CorrelateMaintain
• CorrelateNewAccount
• CorrelateReassign
• Create
• Ignore
• Remove